[c-nsp] VRF-Lite Question

Ray Burkholder ray at oneunified.net
Sun Feb 11 11:33:34 EST 2007


I did a sample vrf config here:
http://www.oneunified.net/blog/Cisco/vrflite.article

A couple of points:
A) I used GRE tunnels with the end points in the global routing table and
the tunnel content in a separate vrf (keeps routing out of core as you
required) when crossing routed boundaries, say between buildings and such
where I use routed ports rather than trunked ports
B) Latest PIX's are vrf aware.  You should be able to do a search on Cisco
for these types of configs.  It is also known as a context-aware PIX config.


That is vrf's in a nutshell.  If anything is still unclear, I can fill in
the details.

Ray.

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Shakeel Ahmad
> Sent: Sunday, February 11, 2007 10:50
> To: [c-nsp]
> Subject: [c-nsp] VRF-Lite Question
> 
> Hello,
> 
> I am in the middle of solving a puzzle and needed advice from you 
> guys... thanks in advance...
> 
> Diagram: *http://tinyurl.com/37fho6*
> (A must see or question will be confusing)
> 
> a client is following this topology and now wants to enable 
> wireless access to all the users in all 3 buildings. 
> Requirement is to use the physical 2950's in the building 
> which are connected to 3550's which are connected at
> L3 to the core 4507R. VLANs are not spanned out of one single 
> building - major requirement is to terminate the wireless 
> users directly on a Virtual/Physical interface on PIX 
> firewall while using the same infrastructure (without adding 
> any extra hardware except wireless access points - LinkSys). 
> Client does not want wireless users to share the routing table 
> on core due to security reasons.
> 
> As PIX is involved GRE is out of question - My immediate 
> suggestion would be VRF-Lite but I am confused here, how will 
> PIX act as CE and if we see the VRF path it's of only two 
> hops 3550 (L3) -> 4507R (L3). Besides, 4057R & PIX are located 
> in a separate building via fiber.
> 
> any suggestion or possible solution will be appreciated.
> 
> thanks,
> SA
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> --
> Scanned for viruses and dangerous content at 
> http://www.oneunified.net and is believed to be clean.
> 
> 


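Added example, not part of the original post or the linked article: a minimal IOS sketch of point A above, with the GRE tunnel endpoints (loopbacks) in the global routing table and the tunnel interface itself placed in a separate VRF, so the wireless prefixes never appear in the core's routing table. The VRF name, RD, VLAN numbers and all addresses are constructed, and the sketch assumes a platform and image that support both VRF-lite and GRE tunnels.

```cisco
! Constructed example: names, addresses and interface numbers are hypothetical.
! --- Building router (VRF-lite edge) ---
ip vrf WIRELESS
 rd 65000:10
!
interface Loopback0
 description Tunnel endpoint, reachable via the global routing table
 ip address 192.0.2.1 255.255.255.255
!
interface Vlan50
 description Wireless user VLAN, local to this building
 ip vrf forwarding WIRELESS
 ip address 10.50.1.1 255.255.255.0
!
interface Tunnel0
 description Carries VRF WIRELESS across the routed core
 ip vrf forwarding WIRELESS
 ip address 10.50.255.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 192.0.2.2
!
! Default route exists only inside the VRF
ip route vrf WIRELESS 0.0.0.0 0.0.0.0 10.50.255.2
!
! --- Far end (router in front of the firewall) ---
ip vrf WIRELESS
 rd 65000:10
!
interface Loopback0
 description Tunnel endpoint, reachable via the global routing table
 ip address 192.0.2.2 255.255.255.255
!
interface Tunnel0
 description Carries VRF WIRELESS across the routed core
 ip vrf forwarding WIRELESS
 ip address 10.50.255.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 192.0.2.1
!
interface Vlan900
 description Hand-off to the firewall interface for wireless users
 ip vrf forwarding WIRELESS
 ip address 10.50.254.1 255.255.255.248
!
! Wireless subnet back through the tunnel; everything else to the firewall
ip route vrf WIRELESS 10.50.1.0 255.255.255.0 10.50.255.1
ip route vrf WIRELESS 0.0.0.0 0.0.0.0 10.50.254.2
```

To check the separation, `show ip route vrf WIRELESS` should list the 10.50.x.x prefixes, while the global `show ip route` should contain only the loopbacks and core links.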